ICO using location-based data fears to push for more power

The Information Commissioner's Office (ICO) is looking to extend its audit capabilities to the private sector in light of growing concerns over the collection and use of location-based data by businesses.

The Information Commissioner's Office (ICO) is looking to extend its audit capabilities to the private sector in light of growing concerns over the collection and use of location-based data by businesses.

Under the Data Protection Act (DPA) 1998, the ICO currently has the power to inspect government organisations it suspects to be not compliant with the law, with or without their permission.

"We are making the case for increased inspection power in other sectors and that may well include the private sector," Jonathan Bamford, head of strategic liaison at the ICO told the ICT Knowledge Transfer Network conference 'A Fine Balance 2011: Location and Cyber Privacy in the Digital Age' in London today.

The ICO recognised that location-based data, information that is being collected on a growing basis by companies like Facebook, Google and Groupon, poses a potential threat to privacy.

There is also a risk that many people are unaware of what information is being collected about them, how it is being collected and how it is being used.

Although there is a regulatory framework in place to address these concerns – from EU directives to the UK's DPA – Bamford admitted that these may not be enough when it comes to location-based data.

He believes that the location-based data protection risks are different to the risks of traditional data collection methods because of its ubiquitous nature, and the fact that users are largely unaware of how the information is being collected and used.

"Because of the sheer pace of technological change and the ingenuity of the way people use location-based services, it does feel like we are playing catch-up [from a regulatory point of view]," he said.